Description
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly.

The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Published: 2026-05-19
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in Sparx Pro Cloud Server’s handling of syntactically invalid SQL structures. A specially crafted query can cause the server to crash, resulting in a denial‑of‑service condition. The weakness is categorized as CWE‑228 (Improper Handling of Syntactically Invalid Structure).

Affected Systems

The affected product is Sparx Systems Pro Cloud Server. Version 6.1 build 167 and earlier have been confirmed vulnerable; later releases were not tested and may also be at risk. No specific deployment details are available, so any installation of Pro Cloud Server should be evaluated.

Risk and Exploitability

The CVSS score of 7.1 reflects a high‑severity impact. Because the vulnerability can be triggered remotely by sending a malicious query, and the CVSS vector indicates that only low privileges are required (PR:L), the risk is significant, especially if the server is exposed to untrusted networks. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog, but the lack of a public exploit does not eliminate the threat. An attacker could repeatedly crash the service, potentially disrupting business operations and causing financial loss.

Generated by OpenCVE AI on May 19, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued update or patch for Sparx Pro Cloud Server; verify you are running a version newer than 6.1 build 167.
  • If no patch is available, request detailed vulnerability information and a fix from Sparx Systems.
  • Configure the database or application firewall to detect and block malformed SQL queries, limiting the length and complexity of incoming statements.
  • Restrict external access to the Pro Cloud Server API to trusted IP addresses and regularly review logs for repeated malformed query attempts.


Advisories

No advisories yet.

History

Tue, 19 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 19 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Title | | DoS in Sparx Pro Cloud Server
Weaknesses | | CWE-228
References | |
Metrics | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-19T15:25:37.873Z

Reserved: 2026-04-24T12:15:00.858Z

Link: CVE-2026-42100

Vulnrichment

Updated: 2026-05-19T15:25:30.349Z

NVD

Status: Awaiting Analysis

Published: 2026-05-19T14:16:43.113

Modified: 2026-05-19T14:45:59.807

Link: CVE-2026-42100

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T14:45:07Z

Weaknesses